Package evidence
@flarehr/[email protected]
Install-time lifecycle script: postinstall="npm run browserslist:update-db && npm run browserslist:generate-regex"
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 3,577Niche · −30% score
- Versions published
- 2,522Mature · −50% score
- First published
- Feb 2021
- Publisher
- nik-zavgorodniy
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@flarehr/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@flarehr/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Install-time lifecycle script: postinstall="npm run browserslist:update-db && npm run browserslist:generate-regex"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 1 · status changed
Evidence
Static findings
6 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 6 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Install-time lifecycle script | package.json | postinstall="npm run browserslist:update-db && npm run browserslist:generate-regex" | 5 |
| low | Large Javascript Payload | package/dist/lib/cjs/ap-ben-benefit-url_27.cjs.entry.js | 6743970 bytes | 0 |
| low | Large Javascript Payload | package/dist/lib/esm-es5/ap-ben-benefit-url_27.entry.js | 6210180 bytes | 0 |
| low | Large Javascript Payload | package/dist/lib/esm/ap-ben-benefit-url_27.entry.js | 6739280 bytes | 0 |
| low | Large Javascript Payload | package/dist/lib/apollo-benefits/p-520a3225.system.entry.js | 6019718 bytes | 0 |
| low | Large Javascript Payload | package/dist/lib/apollo-benefits/p-96bac6a9.entry.js | 5898051 bytes | 0 |
Manifest
Package metadata
Scripts12
browserslist:generate-regex(echo window.apolloBrowserslistRegex =&& browserslist-useragent-regexp --allowHigherVersions) > src/browser-support/apollo-browser-list.jsbrowserslist:update-dbnpx browserslist@latest --update-dbbuildstencil build --cibuild:devstencil build --dev --config stencil.dev.config.tsgeneratestencil generatelinteslint src/**/*{.ts,.tsx}lint:fixeslint src/**/*{.ts,.tsx} --fixpostinstallnpm run browserslist:update-db && npm run browserslist:generate-regexstartstencil build --dev --watch --serve --config stencil.dev.config.tsstart:apicd ../api/Benefits.Api && func start --buildteststencil test --spec --passWithNoTeststest:watchstencil test --spec --watchAll
Dependencies21
@datorama/akita^6.1.3@flarehr/beacon^0.1.5@fortawesome/fontawesome-svg-core^1.2.35@fortawesome/pro-duotone-svg-icons^5.15.3@fortawesome/pro-light-svg-icons^5.15.3@fortawesome/pro-regular-svg-icons^5.15.3@fortawesome/pro-solid-svg-icons^5.15.3@microsoft/applicationinsights-web^2.6.1@popperjs/core^2.9.2@stencil/router1.0.1bootstrap^4.6.0date-fns^2.21.1fp-ts^2.10.2immer^9.0.1jwt-decode^3.1.2mime^2.5.2oidc-client^1.11.5rxjs^6.6.7uuid^8.3.2wretch^1.7.4wretch-middlewares^0.1.12